11 matches found
CVE-2023-49979
A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization...
CVE-2023-49973
A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter at /customersupport/index.php?page=customerlist...
Cross site scripting
A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the subject parameter at /customersupport/index.php?page=newticket...
CVE-2023-49971
A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customersupport/index.php?page=customerlist...
Sql injection
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username parameter at /customersupport/ajax.php?action=login...
Sql injection
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the subject parameter at /customersupport/ajax.php?action=saveticket...
Sql injection
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customersupport/index.php?page=editcustomer...
Sql injection
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the email parameter at /customersupport/ajax.php...
CVE-2023-49968
The CVE-2023-49968 entry covers a SQL injection in Customer Support System v1, exploitable via the id parameter on /customer_support/manage_department.php. The issue is caused by insufficient input validation in that parameter, allowing an attacker to alter SQL query logic and potentially access ...
Authorization
A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization...
CVE-2023-49545
CVE-2023-49545 affects the Customer Support System v1. The vulnerability is a directory listing flaw that allows an attacker to enumerate directories and sensitive files without requiring authorization. The provided connected sources corroborate this description across multiple feeds (NVD/Red Hat...